Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments havestarted advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.

In the case of the browser, MS made the right choice to stop supporing old IE6 only crap. I don't agree with much MS does but moving the browser towards a secure and standards compliant program should be recognized.

The problem is squarely on the people who developed an IE6 only application without thinking "gee.. the browser is an easy program to change between versions and brands; I think I'll make my code only work with one specific brand/version."

The secondary layer of responsibility is on the buying authority that though "yeah, this looks good.. let's buy this expensive and hard to replace information product that only works wit one brand/version of browser even though that's an easily changed bit of software that will have new versions in the future"

It's bad enough that user's saved data from Office applications pretty much dictates the use of that same or newer Office version to continue accessing it. To willfully accept that condition from your application interfaces is madness. You put it on a server so it's easy to manage and update, so everybody can access it and so that the client side OS becomes less relevant. The only one of those that doesn't fail is "so everybody can access it" though that also includes people outside the organization too now.